Currently in my Web application I have simple USER_LEVEL field against the user credentials e.g
- Normal
- Authoriser
- Admin
As we get further into development I see more ambiguity coming into these roles and expanding the types that are there, so in theory an Admin role would essentially give that person 777 access to everything (not necessarily 777 in the traditional CHMOD way but essentially carte Blanche to do what they wanted).
How best in the ASP.NET world would I go about implementing such behaviour (I noticed ASP.NET has built in Roles methods however at this stage in the project I am not sure attempting to bolt this feature on would work.
Can anyone point at any tutorials or own experiences in implementing this or point me in the direction of what should be used if this isn't considered best practice?